McAfee maintain a list and profile of nearly all the viruses out in the computer world, and also grade their current risk status. Computer users who want to keep themselves abreast of new viruses and threats, would do well to consult this list occasionally.

It’s an illuminating line-up, bringing home to computer users the high levels of risk and danger that they face in their everyday dealings with computers.

Let’s take one day in particular, when McAfee drew our attention to three new Trojan viruses. On the 26th October, 2006, McAfee added to their list of viruses to look out for the following three names:

• Generic Dropper!bei!1938a8cf8776;
• Generic.dx!gcq!4894f6dd2862;
• Generic PWS.y!bce!eac18f0df91a.

All are trojans and before we take a quick look at the first one in the list, the Generic Dropper!bei!1938a8cf8776, lets remind ourselves what a trojan is.

Named for very apt reasons after the Trojan Horse in Greek mythology, a trojan is malware which appears to have a desirable, or necessary function, but in reality allows unauthorised access to a user’s computer. In other words, just like the Trojan Horse which was presented as a gift, only to conceal soldiers that gained unwanted access.

What distinguishes them from viruses and worms, is that they are not self-replicating. What’s more, to fulfil their evil deeds, they require a degree of interaction from the hacker, or cybercriminal. And trojans need not be faithful to their creators; hackers can, by using a port scanner to scan network computers, be on the hunt for an available trojan which will give them access to a vulnerable machine.

Because they don’t self-replicate, they have to be spread manually by unwitting computer users, or hackers. They are most commonly activated executing programmes distributed by e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Infection symptoms of the detection are the files, registry and network communication detailed in the McAfee virus characterisation section. Here McAfee provides bares the Generic Dropper!bei!1938a8cf8776 to the public, including file name (in this case virus.exe), its length (81,920 bytes) and its CRC (2581E782).

It’s known by other computer security companies as:

• Avast - Win32:Malware-gen;
• Avira - TR/Drop.Agent.AP;
• Dr.Web - BackDoor.IRC.Sdbot.4889;
• Eset - a variant of Win32/Injector.AEH;
• FortiNet - W32/VB.AD!tr;
• Kaspersky - Trojan-Dropper.Win32.VB.mwb;
• Sophos - Mal/VB-AD;
• Symantec - W32.SillyFDC.

Guest Article by Neil Camp

Mid-sized companies which try to cope with the economic downturn by cutting computer security budgets are risking losing more money as they open themselves up to cybercrime.

In a situation which will undoubtedly play out across the whole business scene, cutting back on IT security is a false economy, and say McAfee, is often justified by the companies thinking that the cybercriminal is only interested in larger companies. This say McAfee is the Security Paradox and is the title of a comprehensive research report on mid-sized companies and their approach to IT security.

The McAfee report shows that half of mid-size companies surveyed globally have seen more security incidents in the past year. Indeed, one mid-sized company alone lost $43,000 on average to security incidents. Yet the majority of these same companies are nevertheless reporting spending freezes on their IT security budgets.

But mid-sized companies mistakenly believe that cybercriminals will overlook them for bigger targets. The McAfee report showed that 43% of mid-sized companies questioned believed that companies with 501+ employees are most at risk for a security attack.

Whereas, in reality, on average companies with less than 500 employees actually suffer from more attacks.

Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, said:
“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources. But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk.”

The McAfee report goes on to say that 65% of midi-size organisations surveyed worldwide spend less than four hours a week on IT security proactively, but nearly the same amount (67%) spend more than a day recovering from IT security attacks. The report also highlighted the varying approaches in countries across the world. Interestingly, the countries where companies invested the least time on prevention, Canada and France amongst them, suffered the greatest financial losses and downtime from cybercrime. And they required a week, or longer to recover from their most recent cyber-attack.

Other facts that the report also revealed include:

• in 2008, US mid-sized companies spent a total of $17.2 billion fixing IT security incidents;
• last year, on average, a single US mid-sized company spent more than $75,000 a year on IT security incidents;
• the mid-sized company has seen, on average, a 322% increase from 2008 to 2009 of average cyber-attacks;
• over half (56%) of mid-sized companies globally have seen more security incidents this year than last, and 29% suffered a security breach in the last year;
• in the past there years, of the mid-sized companies that have had security breaches, those with 101 to 500 people have had about 24 incidents compared to only 15 incidents for organizations with 501 to 1,000 employees.

Guest Article by Neil Camp

McAfee has been joined in the fight against cybercrime by the computer chip manufacturer Intel Corporation Inc.

As the newest member of The McAfee Initiative to Fight Cybercrime Advisory Council, Intel is said by the computer security company to be well-versed in the areas of cybercrime and defense, and is able to provide best practices from a real-world perspective.

McAfee created The McAfee Initiative to Fight Cybercrime Advisory Council to ensure its initiatives are sustainable by harnessing the insights and energy of leaders who have already made a difference in this critical area. Former White House Cybersecurity Adviser Howard A. Schmidt chairs the global group.

Representing Intel on the council is Steve Grobman, director of cybersecurity technology and initiatives at Intel Corporation. He leads a team responsible for all aspects of security related to Intel products which includes the development of platform technologies that address current and future security challenges, as well as security assurance and policy.

The McAfee Initiative to Fight Cybercrime was first announced in October 2008 as a wide ranging initiative aimed at closing critical gaps in the fight against cybercrime. It is anchored by a multi-point plan that includes calls for action from all the areas that are so badly affected by cybercrime, including: law enforcement, academia, service providers, government, the security industry and society at large.

The priority of The McAfee Initiative to Fight Cybercrime is to deliver more effective investigations and prosecutions of cybercrime.

More information is available at: http://www.mcafee.com/fightcybercrime.

Based in Santa Clara, California, McAfee Inc is the world’s largest dedicated security technology company.

McAfee strongly believes in its commitment to relentlessly tackle the world’s toughest security challenges and delivers proactive and proven solutions, and services, that help secure systems and networks around the world.

This allows users to safely connect to the Internet, browse and shop the web more securely. McAfee is backed by an award-winning research team which creates innovative products that advises businesses, the public sector, service providers and home users. It sets out to enable them all to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.

Guest Article by Neil Camp

McAfee and Verizon Business have formed a global strategic alliance which has at its heart an ambition to provide integrated security solutions to businesses and government agencies worldwide.

Verizon Business, a unit of Verizon Communications, is one of the world’s largest providers of IT, communications, security and network solutions.

The alliance means that Verizon Business will offer McAfee’s entire line of enterprise security products and services. In return, McAfee will tap Verizon Business’ data center outsourcing and expert consulting and managed services capabilities. Working together on future projects, the two companies will jointly develop a suite of next-generation, cloud-based managed security services.

The basis of the agreement is to offer enhanced value to enterprise clients by providing comprehensive world-class security solutions and services, including new cloud-based offerings

Kerry Bailey, senior vice president of Verizon Business Global Solutions, said:
“This strategic agreement with McAfee enables us to drive even more complete and integrated IT solutions to enterprises across the world. Verizon Business will be able to expand and more fully touch every facet of enterprise security so that enterprises can confidently do business in this digital age. Our newly expanded and next-generation cloud capabilities will enable organizations to better use security as a strategic tool and business enabler.”

David Scholtz, senior vice president of worldwide strategic alliances at McAfee, said:
“This agreement underscores the importance of delivering comprehensive security solutions to meet the needs of business and government clients. The complexities of today’s threats and turbulent economic times call for agreements of this kind; where products from multiple providers are combined to help improve our customers’ investments and control their operational costs.”

The agreement between the two companies has several key components, including:

• Verizon Business will offer full complement of McAfee enterprise security solutions to its client base via Verizon’s customer premises equipment (CPE) catalog. The new security offerings broaden the choice of world-class security solutions available to the Verizon Business customer base. This will also help McAfee significantly expand its global distribution channel;
• from the autumn, Verizon Business will offer McAfee’s PCI (Payment Card Industry) compliance services to banks and other organizations that support merchants that handle fewer than 20,000 e-commerce transactions, or up to one million credit card transactions each per year;
• McAfee customers will have access to the Verizon Business network of 1,200 security professionals. This teams designs, implements and integrates holistic security solutions worldwide;
• McAfee and Verizon Business will together offer a comprehensive portfolio of managed security services (MSS) to enterprises;
• Verizon Business will provide comprehensive data center outsourcing services to McAfee and help it consolidate its data centers. This will enable McAfee to further improve the 24/7 management of its Web hosting operations and better position the company to deliver cloud-based solutions;
• the two companies will jointly develop and market a suite of next-generation, cloud-based managed security solutions.

Guest Article by Neil Camp

McAfee is not alone in the computer industry in advising its customers how not to become a victim of phishing scams. They provide a number of top tips as to how to avoid falling fall prey to such skulduggery.

Although there are thousands of variations out there, phishing scams are all based on one idea: the bogus email, or instant message, which requests personal information.

Cybercriminals use phishing attacks to trawl for people’s IDs, username and passwords, so that they can copy an identity and breach someone’s bank, or shopping account.

The bogus email plays upon people’s natural inclination to answer an email which they believe at first sight comes from their bank, or online merchant. And phishing emails are becoming ever more sophisticated, becoming very good copies of the actual organisations they are pretending to be.

So take it from McAfee, there are a number of things you can do to avoid being trapped by such attacks.

Firstly, and most importantly, do not respond to emails – even if they appear to be from your bank, or online merchant – that ask you for personal information. In fact, never, ever send back your personal details in an email. Remember that banks and online merchants will never ask for such information via an email. They have it anyway and also, they are only too well aware of the trouble that phishing attacks create.

Secondly, never follow links in an email which appear to link you with your banking, or online merchants sites. Never follow these links, as they could take you onto a very good copy of an existing institution, but actually just be there to take note of your personal details, usernames and passwords.

Thirdly, when you want to visit your bank site, or online merchant, be sure to type the address that you know is correct into your web browser. This ensures that you go to the legimate site and not a bogus site, and you can conduct legimate business. You can also go in of course via a bookmark, or shortcut that you have created yourself.

Fourthly, don’t forget, that if you are ever unsure about an email, you can always telephone your bank, or online merchant, and check with them to see what they might have sent you.

McAfee provide constant updates on the top phishing scams and the top ten are currently (words in the subject line):

1. security alert!
2. account notification!
3. account notification
4. please confirm your data!
5. Chase Bank: online banking notification
6. Chase Bank: necessary to be read!
7. Chase Bank: important notice
8. Chase Bank: important security notice
9. Chase Bank: account secure confirmation
10. Chase Bank customer service: security alert.

And the top brands currently being exploited by phishing attacks are:

1. Amazon (72%)
2. Commonwealth Bank (14%)
3. eBay (9%).

Guest Article by Neil Camp

As part of McAfee’s Initiative to Fight Cybercrime – a wide ranging, global scheme aimed at closing gaps in the fight against those determined to steal online – the top security computer company has approved two further cybersecurity grants.

The beneficiaries this time are project proposals from Common Sense Media, a San Francisco-based non-profit organisation, and the Digital Security council of India. Last year, grants focusing on law enforcement training and coordination were awarded to the Council of Europe and the National District Attorneys Association.

The Cybercrime Grants programme is focused on fostering innovation and being able to give a measurable impact in key areas of educating, researching and introducing initiatives about cybersecurity issues.

Dave DeWalt, president and chief executive office of McAfee, said:
“As cybercrime continues to accelerate, we must find new ways to educate people and businesses about protecting their digital assets. We look forward to working with Common Sense Media and the Data Security Council of India, as we educate computer users around the world on avoiding the reach of increasingly sophisticated and ruthless cybercriminals.”

Based in San Francisco, Common Sense Media is a non-profit organisation which is focused on improving the media and technology lives of children and families through its up-to-date online information and education programs on digital literacy, digital citizenship, and cyber-safety.

It is there to serve over 4,000 schools and 600,000 households and draws in nearly ten million unique users. It boasts more than one million students with its educational resources and materials on digital media and technology.

The cybercrime grant from McAfee will be used by Common Sense Media to fund key elements of its cybersecurity and cyber-safety curriculum for middle schools.

James Steyer, CEO of Common Sense Media, said:
“We are very pleased to be working with McAfee to educate more young people and families about cyber threats and cybercrime, and about using computers and digital media in smart, safe and secure ways.”

Another non-profit organisation, the New Delhi-based Data Security Council of India focusses on developing best practices and training in India on data security and data privacy. It reaches out, via its Cybersecurity Awareness Initiatives, to a broad audience on a wide range of cybersecurity and cyber-safety issues. Money from the grant will help an education project funded through the McAfee Cybercrime Grant programme will reach computer users in Delhi, Mumbai, Chandigarh, Pune and Bangalore.

Dr. Kamlesh Bajaj, CEO of the Data Security Council of India, said:
“Education and awareness is the most important step in fighting cybercrime. Even as we create best security practices for industry, it is imperative for us to educate the general population in schools and colleges and with parents about Cyber Safety, Cyber Security, and Data Privacy. I’m sure DSCI together with McAfee can create useful training, and take it to a wider audience in major cities in India. I look forward to close cooperation with McAfee, and I believe this is just the beginning of a long partnership.”

Guest Article by Neil Camp

Coinciding with the release of Microsoft’s new operating system, McAfee has announced that its computer security products fully support Windows 7, the next stage on from Windows Vista.

McAfee highlighted the fact that its security products for consumers and businesses provide the necessary protection for Windows 7 users to cope against viruses such as spyware, Trojan horses, hacker intrusions and malicious Web sites. Furthermore, the encryption and data loss prevention solutions for enterprises from McAfee, will also support Windows 7.

Dave DeWalt, McAfee president and chief executive officer, said:
“McAfee technology ensures computer users around the globe have security protection available for their use of Windows 7. People upgrading their operating system should also upgrade their computer security. We continue to see an elevated cybersecurity threat landscape with unprecedented levels of malicious software seen this year by McAfee Labs. Windows 7 is just as prone to attack as previous versions of Microsoft’s operating systems.”

McAfee goes on to say that Microsoft has already had to take action against critical security flaws in its new operating system. It recently issued its biggest software patch yet to fix a range of security issues in its software programs, including Windows 7.

One of the main security flaws centred on the potential ability of a remote attacker to commandeer a vulnerable Windows system after the user simply views a rigged Web site.

McAfee say they were quick to react to the threat, providing protection against exploitation of most of these security threats on the day of Microsoft’s patch release.

All McAfee’s Enterprise products, which are designed to protect computers used by companies, businesses, governments and other organisations, support Microsoft Windows 7. This includes McAfee’s flagship products, McAfee Total Protection for Endpoint and the McAfee Total Protection Service.

On the consumer front, all McAfee’s products support Microsoft Windows 7. As regards existing customers, they have already begun receiving the latest version of McAfee-based products that support the new operating system. Other McAfee users can install the Windows 7 compatible version from the McAfee.com Web site.

McAfee offers its customers wide-ranging protection measures against vulnerabilities and threats that user’s systems, data and family are exposed to with the new Microsoft operating system and other third party applications.

Guest Article by Neil Camp

Computer software giant McAfee has just announced that it plans to launch an online support community.

It will enable McAfee customers to interact with other users to resolve issues, share best practices, and discuss emerging trends. And it has brought in a leader in social business software, Jive Software, to develop and host the new community space.

Barry McPherson, executive vice president of worldwide support and services at McAfee, said:
“Sharing information among peers is an increasing preference for our customers and an integral part of our social media strategy. The new support community will enable us to evolve beyond traditional phone and email based services and focus more on collaboration with our customers through discussions, blogs, wikis, user groups and community polling. The community will tie into our social media presence elsewhere on the Web where customer activity is increasing, and provide a hub with the tools to make conversations easier.”

The McAfee online support community will launch in the final months of 2009 and the company hope it will increase customer satisfaction and loyalty, retain and reuse knowledge and enable customers to share experiences that may help others. Furthermore, McAfee believes that its technicians, developers and product managers will be able to engage customers in new ways to enhance products and improve processes.

The new McAfee online community site will run on Jive’s Social Business Software platform (SBS).

As part of its listening and response system, McAfee is already monitoring top social sites Twitter and Facebook.

Headquartered in Santa Clara, California, US, McAfee is the world’s largest dedicated security technology company. It states that it is committed to relentlessly tackling the world’s toughest security challenges. McAfee’s strategy is to deliver proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the internet, browse and shop the Web more securely. And McAfee develops products that are designed to help home users, businesses, the public sector and service providers. It enables them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.

Guest Article by Neil Camp

A new unlimited capacity online backup service has been launched by dedicated security company McAfee.

Called McAfee Online Backup, it offers a new secure online service that stores and encrypts digital assets such as photos, videos, music, e-mails and other files.

And McAfee says that recent research proves that such a service – one that is secure, automated and simple to use – is needed. It was revealed that:

• every week 140,000 hard drives will crash in the United States (according to Google Labs);
• every week 12,000 laptops are lost or stolen in U.S. airports (according to Dell & Ponemon Institute LLC);
• 70% of data losses are due to events beyond user control (according to a study by Pepperdine University);
• U.S. consumers own, on average, nearly 1,800 digital files each, yet more than half (52%) don’t backup their data for various reasons, mainly because they don’t know how, believe it takes too much time, or don’t have the tools needed to backup (according to the Consumer Electronics Association).

One of the biggest plus points with the new service is that it is based upon offering unlimited capacity, which means that consumers do not need to remember when to back up files, or decide which files are important to backup and which are not. And a secure server online ensures all of their precious files remain safe in the event something happens to their computer.

Other benefits include safe and secure online backup. In case of a catastrophe, or device failure, users’ files are safely encrypted and stored on a secure remote server online and are easily retrievable with just a few clicks.

Furthermore, it’s easy setup for automatic backup. After what McAfee claim is a simple installation, the backup process is completely automatic and will happen in the background at regular intervals. This can also be customized by the consumer.

Brent Remai, vice president of consumer marketing at McAfee, said:
“The McAfee Online Backup service addresses many of consumers’ concerns about safely and easily storing their important files with unlimited storage capacity. It completely eliminates the hassle of backup: set-up takes just a few easy steps, and then the service securely backs up files automatically at regular intervals, It’s the perfect solution for anyone with a PC, but specifically the member of the family who manages the family’s digital photos, videos, music and other files. They no longer need to worry about disk failure, file corruption or other disasters such as home theft or fires.”

McAfee Online Backup comes on stream in the last quarter of the year in the following countries:

• Canada
• UK
• Australia
• Japan
• China
• Taiwan
• Mexico
• Brazil
• Germany
• France
• Spain
• Netherlands
• Italy
• Portugal
• Norway
• Denmark
• Sweden
• Finland
• Russia
• Poland
• Czech Republic
• Turkey
• Greece
• Hungary
• Serbia
• Croatia
• Korea.

The new Online Backup works with McAfee’s consumer security suites such as McAfee VirusScan Plus, McAfee Internet Security and McAfee Total Protection. It also works with other security products from other vendors.

Guest Article by Neil Camp

McAfee has been in winning form of late, picking up accolades from Information Security Magazine and SearchSecurity.com, as well as SC Magazine.

Followers of Information Security Magazine gave McAfee Web Gateway a Readers Choice Award and SearchSecurity.com presented it with a Gold Medal in the Security Products category. This put it above both Trend Micro and Websense.

McAfee Web Gateway won plaudits for its threat detection capabilities, which use McAfee’s anti-malware technology and scan engine to block spyware and clean viruses. The readers also liked the product’s comprehensive reporting system and vendor support features.

Dan Ryan, executive vice president and general manager of the Network Security business unit at McAfee, said:
“This award recognizes our ongoing commitment to technology innovation. Winning the gold medal for McAfee Web Gateway validates McAfee’s position as an industry leader, providing the most powerful, proactive protection against blended threats, spyware and targeted attacks.”

The McAfee Web Gateway product has at it’s heart the ability to protect user-initiated Web traffic against inbound threats, such as malware hidden on websites, or in encrypted SSL traffic, as well as outbound threats, such as loss of confidential information.

Hot on the heels of those accolades came one from SC Magazine which has awarded Complete Security five out of a possible five stars in the following categories: ease of use, performance and support. The product gained an overall rating of five stars.

Complete Security, a product recently obtained by McAfee during its acquisition of MX Logic solution, is a cloud-based Software-as-a-Service (SaaS) offering that includes the Email Defense, Web Defense and Message Archiving services.

McAfee state that all three services (Email Defense, Web Defense and Message Archiving) are integrated within a single, easy-to-use online control console. The first, Email Defense, provides advanced messaging protection, including more than 20 layers of spam and anti-virus filters. The second, Web Defense, works at the network perimeter, blocking spyware, viruses and phishing attacks. The third, Message Archiving, allows users to store and retrieve messages that can be securely archived from one to seven years.

Marc Olsen, senior vice president and general manager of the McAfee Software-as-a-Service business unit, said:
“Security-as-a-Service is a rapidly growing market. Customers are showing increased interest in deploying security SaaS solutions, SC Magazine’s positive review highlights our leadership in this field. McAfee strives to provide our customers with solutions that offer both seamless security and reduced IT costs.”

Guest Article by Neil Camp